Lucene search

K

114 matches found

CVE
CVE
added 2013/11/19 4:50 a.m.13021 views

CVE-2013-6629

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG mark...

5CVSS6.1AI score0.0021EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.12801 views

CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certifi...

4.3CVSS7.4AI score0.90829EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.12369 views

CVE-2014-1491

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote...

4.3CVSS8.4AI score0.00607EPSS
CVE
CVE
added 2014/04/07 10:55 p.m.3934 views

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS7.5AI score0.94436EPSS
CVE
CVE
added 2014/10/15 12:55 a.m.842 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3CVSS4.4AI score0.9413EPSS
CVE
CVE
added 2013/07/29 1:59 p.m.442 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...

7.8CVSS5.6AI score0.70184EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.424 views

CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions...

7.4CVSS7.5AI score0.92939EPSS
CVE
CVE
added 2013/07/20 3:37 a.m.246 views

CVE-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-b...

7.5CVSS7.5AI score0.92269EPSS
CVE
CVE
added 2013/05/29 2:29 p.m.224 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as...

5CVSS5.3AI score0.48591EPSS
CVE
CVE
added 2013/08/06 2:56 a.m.174 views

CVE-2013-4124

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

5CVSS6.7AI score0.86808EPSS
CVE
CVE
added 2019/11/01 8:15 p.m.172 views

CVE-2013-4168

Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.

6.1CVSS5.9AI score0.00579EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.167 views

CVE-2014-0195

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow...

6.8CVSS7.8AI score0.9232EPSS
CVE
CVE
added 2014/04/14 10:38 p.m.158 views

CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...

4CVSS7AI score0.10661EPSS
CVE
CVE
added 2014/06/05 9:55 p.m.148 views

CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

4.3CVSS6.8AI score0.81898EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.148 views

CVE-2014-1528

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

10CVSS9.5AI score0.01117EPSS
CVE
CVE
added 2014/05/06 10:44 a.m.142 views

CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via v...

4.3CVSS7.4AI score0.34862EPSS
CVE
CVE
added 2014/07/03 5:55 p.m.142 views

CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

10CVSS6.3AI score0.07117EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.139 views

CVE-2014-8501

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

7.5CVSS8.2AI score0.04516EPSS
CVE
CVE
added 2018/02/09 10:29 p.m.125 views

CVE-2014-3219

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

7.8CVSS8.2AI score0.00035EPSS
CVE
CVE
added 2020/02/17 10:15 p.m.121 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

9.8CVSS9.8AI score0.01115EPSS
CVE
CVE
added 2019/11/18 11:15 p.m.118 views

CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

5.5CVSS5.3AI score0.0005EPSS
CVE
CVE
added 2013/10/10 10:55 a.m.116 views

CVE-2013-4345

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...

5.8CVSS5.9AI score0.01022EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.104 views

CVE-2014-8737

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

3.6CVSS8.4AI score0.00073EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.102 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possi...

9.3CVSS8.8AI score0.00915EPSS
CVE
CVE
added 2019/11/01 1:15 p.m.99 views

CVE-2013-4751

php-symfony2-Validator has loss of information during serialization

8.1CVSS7.8AI score0.00598EPSS
CVE
CVE
added 2014/12/16 6:59 p.m.99 views

CVE-2014-8964

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5CVSS8.4AI score0.02089EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.97 views

CVE-2013-5609

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

10CVSS10AI score0.02752EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.94 views

CVE-2014-1518

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.3CVSS8.9AI score0.02818EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.94 views

CVE-2014-8502

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

7.5CVSS8.5AI score0.04743EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.93 views

CVE-2014-1477

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod...

9.8CVSS9.3AI score0.00852EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.92 views

CVE-2014-8503

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

7.5CVSS8.4AI score0.057EPSS
CVE
CVE
added 2014/04/18 10:14 p.m.90 views

CVE-2014-2287

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service ...

3.5CVSS7AI score0.22862EPSS
CVE
CVE
added 2014/10/31 2:55 p.m.89 views

CVE-2013-0334

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

5CVSS9.2AI score0.00498EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.89 views

CVE-2014-1520

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.

6.9CVSS8.8AI score0.00039EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.89 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap ...

9.8CVSS8.3AI score0.03612EPSS
CVE
CVE
added 2018/01/08 7:29 p.m.88 views

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

5.5CVSS5.2AI score0.00145EPSS
CVE
CVE
added 2013/10/09 10:55 p.m.86 views

CVE-2013-2207

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

2.6CVSS8AI score0.00071EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.86 views

CVE-2014-1482

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted i...

9.3CVSS9AI score0.02741EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.86 views

CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

7.5CVSS8.7AI score0.04328EPSS
CVE
CVE
added 2019/12/10 3:15 p.m.85 views

CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

9.8CVSS9.2AI score0.00087EPSS
CVE
CVE
added 2014/12/29 12:59 a.m.85 views

CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

5CVSS6.1AI score0.02784EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.83 views

CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...

10CVSS9.6AI score0.11056EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.83 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

7.5CVSS8.5AI score0.02581EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.83 views

CVE-2014-1486

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

10CVSS8.8AI score0.10821EPSS
CVE
CVE
added 2014/01/16 5:5 a.m.82 views

CVE-2013-2139

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.

2.6CVSS7.2AI score0.01807EPSS
CVE
CVE
added 2014/05/08 2:29 p.m.82 views

CVE-2014-0190

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.

4.3CVSS8.2AI score0.02801EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.82 views

CVE-2014-1523

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

6.5CVSS7.5AI score0.0054EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.82 views

CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corr...

9.3CVSS8.3AI score0.01722EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.82 views

CVE-2014-8504

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

7.5CVSS8.4AI score0.03302EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.81 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
Total number of security vulnerabilities114